I made a site that is user-based and so far I've been able to easily handle the sessions up to this point. I'm not a noob when it comes to php, but I don't have a good working knowledge of javascript. I have set a timeout for my users so that they are automatically timed out after 20 minutes of inactivity. It works great, other than they need to click a link or refresh in order for the session to actually be timed out. This is my current php timeout.
<?php
//TIMEOUT AFTER 20 MINUTES
if(isset($_SESSION['signed_in'])) {
$inactive = 1200;
if(isset($_SESSION['timeout']) ) {
$session_life = time() - $_SESSION['timeout'];
if($session_life > $inactive) {
$id = $_SESSION['user_id'];
//this db row is solely to display # of users logged in
mysqli_query($connect, "UPDATE users SET user_signedin='0' WHERE user_id = '$id'");
session_destroy();
$_SESSION = array();
header("Location: timedout.php");
}
}
$_SESSION['timeout'] = time();
}
?>
But I've also tried javascript (setting the timer to 5 minutes) like so:
<script>
var wintimeout;
function SetWinTimeout() {
wintimeout = window.setTimeout("window.location.href='timedout.php';",300000);
}
$('body').click(function() {
window.clearTimeout(wintimeout); //when user clicks remove timeout and reset it
SetWinTimeout();
});
SetWinTimeout();
</script>
I've searched a number of different places to find out how to implement an automatic redirect without having to click or refresh, but so far no luck. How do people redirect automatically (without clicking or refreshing) upon timeout?
EDIT: For people who are looking for the same answer: Ok, I was able to get the desired effect by adding this to my page header
<?php if(isset($_SESSION['signed_in'])) { ?>
<meta http-equiv="refresh" content="1800;url=internal.php" />
?>
"internal.php" is very similar to the first piece of code I pasted above, though I've taken out the piece where it checks for timeout. However, now I'm having problems with people exiting the tab and not getting signed out, but that's a whole other issue.